CN110414258A - Document handling method and system, data processing method - Google Patents
Document handling method and system, data processing method
- Publication number: CN110414258A (application CN201810399221.9A)
- Authority: CN (China)
- Prior art keywords: file, credible, operating characteristics, determined, encryption
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
All classifications are CPC codes under G06F21/00 (security arrangements for protecting computers, components thereof, programs or data against unauthorised activity), H04L9/00 (cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols) and the G06F2221/00 indexing scheme:
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
- G06F21/31—User authentication
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/561—Computer malware detection or handling, e.g. anti-virus arrangements: virus type analysis
- G06F21/566—Computer malware detection or handling: dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
- G06F21/567—Computer malware detection or handling using dedicated hardware
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules, to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components to assure secure computing or processing of information in cryptographic circuits
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage, involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
- H04L9/3226—Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3268—Cryptographic mechanisms including means for verifying the identity or authority of a user, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
- G06F2221/033—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms: test or assess software
- G06F2221/2107—Indexing scheme relating to G06F21/00 and subgroups: file encryption
Abstract
This application discloses a file handling method and system, and a data processing method. The file handling method includes: monitoring operation requests that operate on a file; if an operation request is detected, obtaining the operating characteristics of the operation; and analysing the operating characteristics to determine whether the trusted chip has been triggered to encrypt the file. The application addresses the technical problems of low processing accuracy and high cost of file handling methods in the prior art.
Description
Technical field
This application relates to the field of computer security, and in particular to a file handling method and system and a data processing method.
Background technique
Ransomware is a prevalent kind of Trojan. By hijacking user files, typically by encrypting them, it renders the user's data assets or computing resources unusable and uses this as leverage to extort the user. Once a user is infected with ransomware, a message usually pops up on the computer screen stating that the user's files have been encrypted and demanding payment of a ransom; by this time the user's critical data may already be encrypted, and the password is held only by the remote blackmailer.
To guard against illegal encryption of data and the extortion that follows, the prior art offers several solutions. Real-time backup: when ransomware hijacks user data, the user can restore the most recent backup, which reduces the loss, but this scheme sacrifices a large amount of storage space. File access control: each document type is bound to one or several document editors, and only the processes of those editors may modify the document; however, this scheme requires a whitelist to be maintained and managed, which is relatively costly. Key recovery: the ransomware author may have left vulnerabilities or oversights in the implementation and failed to remove the file encryption key from memory, so the remaining key can be found in memory and the hijacked data restored; however, this scheme depends heavily on flaws in the ransomware's own implementation. Binary detection: miscellaneous files (including suspicious documents and unknown applications) are submitted automatically to a cloud platform, where feature detection, virtualized execution and similar methods are used for centralized identification, so that suspicious documents (possibly attack documents carrying exploits) and malicious programs are found in time; however, this technology cannot cope with new variants.
For the problem of low processing accuracy and high cost of file handling methods in the prior art, no effective solution has yet been proposed.
Summary of the invention
The embodiments of the present application provide a file handling method and system and a data processing method, so as at least to solve the technical problem of low processing accuracy and high cost of file handling methods in the prior art.
According to one aspect of the embodiments of the present application, a file handling method is provided, comprising: monitoring operation requests that operate on a file; if an operation request is detected, obtaining the operating characteristics of the operation; and analysing the operating characteristics to determine whether the trusted chip has been triggered to encrypt the file.
According to another aspect of the embodiments of the present application, a file handling system is also provided, comprising: a file trusted operation monitoring component, for monitoring operation requests that operate on a file and, if an operation request is detected, obtaining the operating characteristics of the operation; and a trusted chip, for encrypting the file. The file trusted operation monitoring component communicates with the trusted chip and is also used to analyse the operating characteristics and determine whether the trusted chip has been triggered to encrypt the file.
According to another aspect of the embodiments of the present application, a storage medium is also provided. The storage medium includes a stored program which, when run, controls the device on which the storage medium resides to execute the following steps: monitoring operation requests that operate on a file; if an operation request is detected, obtaining the operating characteristics of the operation; and analysing the operating characteristics to determine whether the trusted chip encrypts the file.
According to another aspect of the embodiments of the present application, a processor is also provided. The processor is used to run a program which, when run, executes the following steps: monitoring operation requests that operate on a file; if an operation request is detected, obtaining the operating characteristics of the operation; and analysing the operating characteristics to determine whether the trusted chip has been triggered to encrypt the file.
According to another aspect of the embodiments of the present application, a file handling system is also provided, comprising: a processor; and a memory connected to the processor, for providing the processor with instructions for handling the following processing steps: monitoring operation requests that operate on a file; if an operation request is detected, obtaining the operating characteristics of the operation; and analysing the operating characteristics to determine whether the trusted chip has been triggered to encrypt the file.
According to another aspect of the embodiments of the present application, a data processing method is also provided, comprising: obtaining an operation request that operates on data, wherein the operation request includes an operation code; and determining, according to the operation code, whether the trusted chip has been triggered to encrypt the data, wherein the operation code corresponds to operating characteristics.
In the embodiments of the present application, operation requests that operate on a file can be monitored in real time. When an operation request is detected, the operating characteristics of the operation can be obtained and analysed to determine whether the trusted chip has been triggered to encrypt the file, thereby identifying and preventing ransomware from operating on the file.
It is easy to note that, because only a legitimate user encrypts files through the trusted chip, only such an operation is allowed to overwrite or delete a file. No backup of the file is needed, so compared with the prior art no large amount of storage space has to be sacrificed for backup files; no large and complete editor whitelist has to be maintained, only the small number of legitimate users who may operate on files on the host need to be managed; and new ransomware variants can be dealt with. This achieves the technical effects of saving storage space, saving management cost, improving processing accuracy and improving the user experience.
As a result, the scheme provided by the present application solves the technical problem of low processing accuracy and high cost of file handling methods in the prior art.
Detailed description of the invention
The drawings described herein are used to provide a further understanding of the present application and constitute part of this application. The illustrative embodiments of the application and their description are used to explain the application and do not constitute an undue limitation on it. In the drawings:
Fig. 1 is a schematic diagram of a file handling system according to embodiment 1 of the present application;
Fig. 2 is an architecture diagram of an optional file handling system according to an embodiment of the present application;
Fig. 3 is a flow chart of an optional file handling method according to an embodiment of the present application;
Fig. 4 is a hardware block diagram of a terminal (or mobile device) for implementing a file handling method according to an embodiment of the present application;
Fig. 5 is a flow chart of a file handling method according to embodiment 2 of the present application;
Fig. 6 is a schematic diagram of a file handling apparatus according to embodiment 3 of the present application;
Fig. 7 is a flow chart of a data processing method according to embodiment 4 of the present application;
Fig. 8 is a schematic diagram of a data processing apparatus according to embodiment 5 of the present application; and
Fig. 9 is a structural block diagram of a terminal according to an embodiment of the present application.
Specific embodiment
In order that those skilled in the art may better understand the scheme of the application, the technical scheme in the embodiments of the application is described below clearly and completely in conjunction with the drawings of the embodiments. Obviously, the described embodiments are only a part of the embodiments of the application, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the application, without creative effort, fall within the scope of protection of the application.
It should be noted that the terms "first", "second" and the like in the description, claims and drawings of this application are used to distinguish similar objects and not to describe a particular order or sequence. It should be understood that data so used are interchangeable under appropriate circumstances, so that the embodiments described herein can be implemented in sequences other than those illustrated or described here. In addition, the terms "comprising" and "having" and any variations of them are intended to cover a non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are intrinsic to the process, method, product or device.
First, some of the nouns and terms that appear in the description of the embodiments of the application are explained as follows:
Trusted chip: trusted computing (Trusted Computing) is widely used in computing and communication systems; a trusted chip platform supported by a hardware security module is used to improve the security of the system as a whole.
Trusted Platform Module (TPM): a Trusted Platform Module is a security chip that provides integrity and authenticity guarantees for data and is generally strongly bound to the computing platform by physical means.
Ransomware: a prevalent kind of Trojan which, by hijacking user files, typically by encrypting them, renders the user's data assets or computing resources unusable and uses this as leverage to extort the user. Mainstream ransomware usually operates on files in one of two ways: one directly encrypts and overwrites the original file, in which case recovery without the blackmailer's key is nearly impossible; the other first writes an encrypted copy of the file and then deletes the original, in which case recovery may be possible.
Information entropy: Shannon borrowed the concept from thermodynamics. The average amount of information that remains once redundancy has been removed can be called "information entropy", and he gave the mathematical expression for computing it.
Embodiment 1
In the related art, the various file handling methods used to guard against illegal encryption of files by ransomware and the extortion that follows either sacrifice a large amount of storage space at relatively high cost, depend heavily on flaws in the ransomware's own implementation, or cannot cope with new variants, so that file handling methods have low processing accuracy and high cost.
To solve the above technical problem, the present application proposes a file handling system. Fig. 1 is a schematic diagram of a file handling system according to embodiment 1 of the present application. As shown in Fig. 1, the system may include: a file trusted operation monitoring component 12 and a trusted chip 14.
The file trusted operation monitoring component 12 monitors operation requests that operate on a file and, if an operation request is detected, obtains the operating characteristics of the operation; the trusted chip 14 encrypts the file; the file trusted operation monitoring component communicates with the trusted chip and is also used to analyse the operating characteristics and determine whether the trusted chip has been triggered to encrypt the file.
Specifically, as shown in Fig. 2, the operating system of a host that has a TPCM (Trusted Platform Control Module) or TPM trusted chip may include: system services, an operating system kernel interface layer, a file system driver, a volume driver, a disk driver, a bus driver and the trusted chip (TPCM/TPM). The operating system exchanges data with user applications through the operating system kernel interface layer, and a file trusted operation monitoring component is added in the operating system kernel layer to intercept the file operation behaviour of all programs. The host may be a mobile device such as a smartphone (including Android and iOS phones), a tablet computer, an iPad or a palmtop computer, or a computer device such as a PC or a notebook computer; the application does not specifically limit this. The file may be a sensitive file on the host that other users must not arbitrarily modify or delete, or a sensitive file that the user does not want others to arbitrarily modify or delete; for a commercial user, for example, sensitive files may be contract files, customer information files and the like, and if such files are hijacked by ransomware the user suffers large losses. The operation may include a write operation or a read operation, and may specifically include an encryption operation, an overwrite operation or a delete operation; the application does not specifically limit this, and the concrete type of operation can be defined according to actual processing needs. Different operations have different operating characteristics, and the operating characteristics can characterize which type of operation it is and whether the trusted chip has been called for the operation, and so on.
It should be noted that, since the number of files stored on the host is large, only sensitive files may be monitored, rather than all files, so as to keep file activity responsive.
In an optional scheme, in a computer security application scenario, a file trusted operation monitoring component can be added in advance to the operating system kernel layer of a host that has a TPCM or TPM trusted chip. The component intercepts operation requests on files, and in particular operations on sensitive files: whenever it detects an operation request that operates on a sensitive file, it intercepts the request so that the operating system does not respond to it. After intercepting the operation, the component can obtain the operating characteristics of the operation and analyse them to judge whether the operation has triggered the trusted chip to encrypt the file. If it is determined that it has not, the operation can be judged an illegal operation and, to protect the sensitive file, execution of the operation on the file can be forbidden, so that the operating system does not respond to it. If it is determined that it has, the operation can be judged a valid operation performed by a legitimate user and can be allowed to execute on the file; the file trusted operation monitoring component then releases the intercepted operation request, and the operating system can respond to the operation and complete it.
Fig. 3 is according to a kind of flow chart of optional document handling method of the embodiment of the present application, below with reference to Fig. 3 to this
Apply for that a kind of preferred embodiment is described in detail, as shown in figure 3, this method may include steps of:
Step S31 intercepts and captures file operation requests.
Optionally, when user operates sensitive document, initiates operation requests, file credible operates monitoring part and cuts
Obtain operation requests.
Step S32 analyzes operating characteristics.
Optionally, the operating characteristics of file credible operation monitoring part analysis operation requests.
Step S33, judges whether it is write operation.
Optionally, file credible operation monitoring part judges what user needed to carry out file by analysis operating characteristics
Whether operation is write operation, if it is not, that is, user needs then to enter step S34 to file progress read operation;If so,
Then enter step S35.
Step S34 allows read operation.
Optionally, determine user need to file carry out read operation after, can determine this time operation be not extort it is soft
The operation that part executes, therefore can permit user and read operation is carried out to file, file credible operation monitoring part asks the operation
It asks and passes operating system kernel layer back and responded.
Step S35, judges whether it is cryptographic operation.
Optionally, it after determining that user needs to carry out write operation to file, is carried out in order to avoid extorting software to file
Operation can further judge that user needs whether the operation carried out to file is cryptographic operation, specifically can be pre- by judging
Whether the comentropy for covering the file of original document reach encryption threshold value, or passes through statistics, machine learning, pattern-recognition
Method come identify covering original document content whether meet encrypted feature, to determine whether be cryptographic operation.If it is determined that not
It is cryptographic operation, then enters step S36, if it is determined that is cryptographic operation, then enters step S37.
Step S36 allows covering/deletion original.
Optionally, after determining that user needs the operation carried out to file not to be cryptographic operation, it can determine and this time grasp
It is not the operation for extorting software execution, can permit user and covering operation or delete operation are carried out to file, namely allow to use
Family covers/deletes original, which can be passed back operating system kernel layer progress by file credible operation monitoring part
Response.
Step S37 judges whether to trigger credible chip cryptographic operation.
Optionally, determine user need to file carry out cryptographic operation after, in order to avoid extort software to file into
Row operation can further judge whether user passes through and credible chip acquisition file encryption key is called to carry out encryption behaviour to file
Make, if it is not, then entering step S38;If it is, entering step S39.
Step S38: overwriting/deleting the original file is prevented.
Optionally, after it is determined that the user does not perform the encryption operation on the file by calling the trusted chip to obtain the file encryption key, it can be determined that this operation may be one performed by ransomware; in order to protect the user's sensitive files, the user can be prevented from performing the overwrite operation or delete operation on the file, that is, the user is prevented from overwriting/deleting the original file. The trusted file operation monitoring component can ignore the operation request, or can directly discard the operation request, so that the operating system kernel layer cannot respond to the operation request.
Step S39: it is judged whether the user is a legitimate user.
Optionally, after it is determined that the user needs to perform a write operation on the file, in order to prevent an illegitimate user from operating on the file, it can be further judged whether the user is a legitimate user. If so, the method proceeds to step S310; if not, the method returns to step S38, where it can be determined that this operation is one performed by an illegitimate user and, in order to protect the user's sensitive files, the illegitimate user can be prevented from performing the overwrite operation or delete operation on the file, that is, the illegitimate user is prevented from overwriting/deleting the original file. The trusted file operation monitoring component can ignore the operation request, or can directly discard the operation request, so that the operating system kernel layer cannot respond to the operation request.
It should be noted that a legitimate user needs to complete the following initialization:
First, the legitimate user (referred to as C) and the trusted file operation monitoring component (referred to as S) each obtain their respective platform certificates Cert_AIKC and Cert_AIKS from the platform certificate issuing center (referred to as PCA) of the service server cluster, where the respective platform public keys are AIKpk_C and AIKpk_S, the respective platform private keys are AIKpriv_C and AIKpriv_S, and each platform private key is stored in the respective TPCM/TPM chip. The PCA also has its own platform certificate Cert_AIKPCA and platform identity public and private keys AIKpk_PCA and AIKpriv_PCA. C and S can obtain the platform identity public key and platform certificate of the party they intend to communicate with from the PCA.
Second, C completes initialization registration with S, thereby becoming a legitimate user, possessing the corresponding privilege password, and having submitted the list of files to be protected, where only operation requests that operate on files in the list of files to be protected are intercepted. C can obtain the file encryption key for encrypting files from the TPCM/TPM chip, and the key is stored in the trusted chip.
It should also be noted that, in order to make it convenient for the user to view encrypted files, C can obtain the file decryption key for decrypting encrypted files from the TPCM/TPM chip, and the key is stored in the trusted chip.
Step S310: the password is input.
Optionally, after it is determined that the user who needs to operate on the file is a legitimate user, in order to ensure that the legitimate user performs a legitimate operation on the file, the trusted file operation monitoring component can let the user input a password, namely the privilege password possessed by the legitimate user after registration.
Step S311: it is judged whether the password is correct.
Optionally, the trusted file operation monitoring component judges whether the password input by the user is correct, namely judges whether the password input by the user is identical to the privilege password possessed by the legitimate user after registration. If they are identical, it is determined that the password is correct and the method can proceed to step S36: it is determined that this operation is not one performed by ransomware, the user can be allowed to perform the overwrite operation or delete operation on the file, that is, the user is allowed to overwrite/delete the original file, and the trusted file operation monitoring component can pass the operation request back to the operating system kernel layer for a response. If they are not identical, it is determined that the password is wrong and the method can proceed to step S38: in order to protect the user's sensitive files, the user can be prevented from performing the overwrite operation or delete operation on the file, that is, the user is prevented from overwriting/deleting the original file, and the trusted file operation monitoring component can ignore the operation request, or can directly discard the operation request, so that the operating system kernel layer cannot respond to the operation request.
The solution provided by the above Embodiment 1 of the present application can monitor, in real time, operation requests that operate on a file; when an operation request is monitored, the operation characteristics of the operation can be obtained and analyzed to determine whether the trusted chip is triggered to encrypt the file, thereby achieving the purpose of identifying and preventing ransomware from operating on the file.
It is easy to note that, since only a legitimate user who encrypts the file through the trusted chip is allowed to perform the overwrite operation or delete operation on the file, there is no need to back up the file; compared with the prior art, no large amount of storage space has to be sacrificed for backup files, and no large and complete editor whitelist has to be maintained, since only the small number of legitimate users who may operate on files on the host need to be managed; new ransomware variants can also be handled. The technical effects of saving storage space, saving management cost, improving processing accuracy and improving user experience are thereby achieved.
Therefore, the solution of the above Embodiment 1 provided by the present application solves the technical problem in the prior art that file processing methods have low processing accuracy and high cost.
In the above embodiments of the present application, the trusted file operation monitoring component is further configured to judge whether the trusted chip is triggered to perform an encryption operation on the file, the trusted chip being configured to encrypt or decrypt the file using an internally stored key, where if the trusted chip is triggered to perform the encryption operation on the file, it is determined that the trusted chip is triggered to encrypt the file and the step of allowing the legitimate user to perform a legitimate operation on the file is executed; if the trusted chip is not triggered to perform the encryption operation on the file, it is determined that the trusted chip is not triggered to encrypt the file and the step of forbidding the legitimate operation from being performed on the file is executed.
Specifically, the above trusted chip can be the trusted chip shown in Fig. 2; the trusted chip internally stores an independent key for performing encryption operations or decryption operations on the file, and by calling the trusted chip, the trusted chip can be triggered to independently encrypt the file, and the encryption operation, overwrite operation or delete operation can be performed on the file. The above legitimate user can be the owner of the file, or a user possessing the operating privilege; only a legitimate user can perform operations such as the encryption operation, overwrite operation or delete operation on a sensitive file by triggering the trusted chip.
It should be noted that, since the essence of ransomware is that an illegitimate user uses the ransomware to encrypt the user's file and then overwrites the original file with the encrypted file, or deletes the original file, for a sensitive file only a legitimate user can perform the encryption operation, overwrite operation or delete operation on the file by calling the trusted chip to obtain the file encryption key, that is, perform a legitimate operation.
In an optional solution, as shown in step S37 to step S39 in Fig. 3, based on the essence of ransomware and in order to prevent ransomware from operating on the file, the operation characteristics of the operation can be analyzed by judging whether the trusted chip is triggered to perform the encryption operation on the file, so as to determine whether the trusted chip is triggered to encrypt the file. If it is determined that the trusted chip is triggered to perform the encryption operation on the file, it is determined that the trusted chip is triggered to encrypt the file, so the legitimate user can be allowed to perform the overwrite operation or delete operation on the file, that is, the user is allowed to overwrite/delete the original file, and the trusted file operation monitoring component can pass the operation request back to the operating system kernel layer for a response. If it is determined that the trusted chip is not triggered to perform the encryption operation on the file, it is determined that the trusted chip is not triggered to encrypt the file, and it can be determined that this operation may be one performed by ransomware; in order to protect the user's sensitive files, the user can be prevented from performing the overwrite operation or delete operation on the file, that is, the user is prevented from overwriting/deleting the original file, and the trusted file operation monitoring component can ignore the operation request, or can directly discard the operation request, so that the operating system kernel layer cannot respond to the operation request.
It should be noted that, after the trusted chip is triggered to encrypt the file, the file encryption key stored in the trusted chip is called to encrypt the file; in order to open the encrypted file, the trusted chip can be triggered to call the file decryption key corresponding to the file encryption key, stored in the trusted chip, to decrypt the file.
In the above embodiments of the present application, the trusted file operation monitoring component is further configured to, before judging whether the trusted chip is triggered to encrypt the file, judge whether the operation characteristics of the operation constitute encryption behavior, and if it is determined that the operation characteristics belong to encryption behavior, judge whether the trusted chip is triggered to encrypt the file.
In an optional solution, as shown in step S35 and step S37 in Fig. 3, based on the essence of ransomware and in order to prevent ransomware from operating on the file, it can first be judged whether the operation the user needs to perform on the file is an encryption operation; after it is determined that the user needs to perform an encryption operation on the file, it can be further judged whether the user performs the encryption operation on the file by calling the trusted chip to obtain the file encryption key, so as to judge whether this operation is one performed by ransomware.
In the above embodiments of the present application, the trusted file operation monitoring component is further configured to obtain the information entropy of a target file and judge whether the information entropy reaches the encryption threshold; if it is determined that the information entropy reaches the encryption threshold, it is determined that the operation characteristics belong to encryption behavior, and if it is determined that the information entropy does not reach the encryption threshold, it is determined that the operation characteristics do not belong to encryption behavior, where the target file is the file with which the file is overwritten.
Specifically, the above target file can be the file that is about to overwrite the original file; the above encryption threshold can be the standard value of the information entropy of an encrypted file.
In an optional solution, in order to judge whether the user needs to perform an encryption operation on the file, it can be calculated whether the information entropy of the file that is about to overwrite the original file reaches the standard value of the information entropy of an encrypted file. If it does, it is determined that the file overwriting the original file is an encrypted file, that is, it can be determined that the user needs to perform an encryption operation on the file; otherwise it can be determined that the user does not need to perform an encryption operation on the file.
In the above embodiments of the present application, the trusted file operation monitoring component is further configured to obtain target content and judge whether the target content matches encrypted features; if it is determined that the target content matches encrypted features, it is determined that the operation characteristics belong to encryption behavior, and if it is determined that the target content does not match encrypted features, it is determined that the operation characteristics do not belong to encryption behavior, where the target content is the content with which the file is overwritten.
Specifically, the above encrypted features can be features of the content of an encrypted file.
In an optional solution, in order to judge whether the user needs to perform an encryption operation on the file, statistical, machine-learning or pattern-recognition methods can be used to identify whether the content that is about to overwrite the original file matches encrypted features. If it matches, it is determined that the file overwriting the original file is an encrypted file, that is, it can be determined that the user needs to perform an encryption operation on the file; otherwise it can be determined that the user does not need to perform an encryption operation on the file.
In the above embodiments of the present application, the trusted file operation monitoring component is further configured to, in the case where it is determined that the operation characteristics do not belong to encryption behavior, execute the step of allowing the legitimate operation to be performed on the file.
In an optional solution, as shown in step S36 in Fig. 3, after it is determined that the user does not need to perform an encryption operation on the file, it can be determined that this operation is not one performed by ransomware, and the user can be allowed to perform the overwrite operation or delete operation on the file, that is, the user is allowed to overwrite/delete the original file; the trusted file operation monitoring component can pass the operation request back to the operating system kernel layer for a response.
In the above embodiments of the present application, the processing unit is further configured to judge whether the operation is a write operation; if it is determined that the operation is a write operation, it judges whether the operation characteristics of the operation constitute encryption behavior, and if it is determined that the operation is a read operation, it executes the step of allowing the read operation to be performed on the file.
In an optional solution, as shown in step S33 to step S35 in Fig. 3, based on the essence of ransomware, the trusted file operation monitoring component can judge, by analyzing the operation characteristics, whether the user needs to perform a write operation on the file. If so, in order to prevent ransomware from operating on the file, it needs to be further judged whether the write operation is an encryption operation; if not, that is, if the user needs to perform a read operation on the file, it can be determined that this operation is not one performed by ransomware, so the user can be allowed to perform the read operation on the file, and the trusted file operation monitoring component passes the operation request back to the operating system kernel layer for a response.
In the above embodiments of the present application, the trusted file operation monitoring component is further configured to obtain the password input by the legitimate user and judge whether the password is correct; if it is determined that the password is correct, it executes the step of allowing the legitimate user to perform a legitimate operation on the file, and if it is determined that the password is wrong, it executes the step of forbidding the legitimate operation from being performed on the file.
In an optional solution, as shown in step S310 and step S311 in Fig. 3, in order to ensure that the legitimate user performs a legitimate operation on the file, the trusted file operation monitoring component can let the legitimate user input a password, and judge whether the password input by the user is identical to the privilege password. If they are identical, it is determined that the password is correct, it can be determined that this operation is not one performed by ransomware, and the user can be allowed to perform the overwrite operation or delete operation on the file, that is, the user is allowed to overwrite/delete the original file; the trusted file operation monitoring component can pass the operation request back to the operating system kernel layer for a response. If they are not identical, it is determined that the password is wrong; in order to protect the user's sensitive files, the user can be prevented from performing the overwrite operation or delete operation on the file, that is, the user is prevented from overwriting/deleting the original file, and the trusted file operation monitoring component can ignore the operation request, or can directly discard the operation request, so that the operating system kernel layer cannot respond to the operation request.
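The decision flow of steps S33 to S311 described above, together with the information-entropy test and the statistical-feature test of step S35 and the privilege-password check of step S311, as an added worked example in Go that is not part of the patent: a small simulation of the trusted file operation monitoring component deciding one intercepted request. Everything in it beyond the flow itself is an assumption for illustration: the thresholds (7.5 bits per byte of entropy, and a chi-square statistic of 400 against a uniform byte histogram as the "statistical method" the patent mentions), the `Request`, `Monitor` and `byteStats` names, the flag `ViaTrustedChip` standing in for the kernel-layer observation that the file encryption key was obtained through the trusted chip, and the constructed sample inputs (a repeated contract sentence, and the same bytes under AES-CTR with a fixed key as ransomware-like output).

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"math"
)

// Assumed thresholds: the patent only says the encryption threshold is the standard
// entropy value of an encrypted file and that statistical methods may also be used.
const (
	entropyThreshold   = 7.5   // bits per byte; uniformly distributed bytes approach 8
	chiSquareThreshold = 400.0 // byte histogram vs. uniform, 255 degrees of freedom
)

// byteStats returns the Shannon entropy (bits per byte) of buf and the chi-square
// distance of its byte histogram from uniform: ciphertext scores near 8 and near 255.
func byteStats(buf []byte) (entropy, chi float64) {
	var hist [256]int
	for _, b := range buf {
		hist[b]++
	}
	n := float64(len(buf))
	for _, c := range hist {
		if c > 0 {
			p := float64(c) / n
			entropy -= p * math.Log2(p)
		}
		chi += (float64(c) - n/256) * (float64(c) - n/256) / (n / 256)
	}
	return entropy, chi
}

// isEncryptionBehavior is step S35: the content that would overwrite the original
// counts as encrypted if either test says so. A delete carries no content.
func isEncryptionBehavior(newContent []byte) bool {
	if len(newContent) == 0 {
		return false
	}
	entropy, chi := byteStats(newContent)
	return entropy >= entropyThreshold || chi <= chiSquareThreshold
}

type Request struct {
	Path           string
	Write          bool   // overwrite or delete; false means a read
	NewContent     []byte // bytes that would overwrite the original (nil for a delete)
	ViaTrustedChip bool   // the file encryption key was obtained by calling the trusted chip
	User, Password string
}

// Monitor is the trusted file operation monitoring component after initialization.
type Monitor struct {
	Protected map[string]bool     // the submitted list of files to be protected
	Users     map[string][32]byte // legitimate user -> SHA-256 of the privilege password
}

// Allowed walks steps S33 to S311 for one request: true means it is handed back to
// the kernel layer, false means the monitor ignores or discards it.
func (m *Monitor) Allowed(r Request) bool {
	switch {
	case !m.Protected[r.Path], !r.Write: // not in the list: not intercepted; S33/S34: reads pass
		return true
	case !isEncryptionBehavior(r.NewContent): // S35/S36: plain overwrite or delete
		return true
	case !r.ViaTrustedChip: // S37/S38: encryption that bypassed the trusted chip
		return false
	}
	want, ok := m.Users[r.User] // S39: registered legitimate user?
	got := sha256.Sum256([]byte(r.Password))
	return ok && subtle.ConstantTimeCompare(want[:], got[:]) == 1 // S310/S311: privilege password
}

// Constructed inputs: contract-like text, and the same bytes under AES-CTR with a fixed
// key and zero IV (deterministic and near-uniform, the shape of ransomware output).
func samplePlaintext() []byte {
	return bytes.Repeat([]byte("This contract is made between the Customer and the Supplier.\n"), 64)
}

func sampleCiphertext(plain []byte) []byte {
	block, err := aes.NewCipher([]byte("example-key-16by")) // constructed 16-byte key
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plain))
	cipher.NewCTR(block, make([]byte, aes.BlockSize)).XORKeyStream(out, plain)
	return out
}

func main() {
	m := &Monitor{Protected: map[string]bool{"/data/contract.txt": true},
		Users: map[string][32]byte{"alice": sha256.Sum256([]byte("privilege-pw-example"))}}
	ct := sampleCiphertext(samplePlaintext())
	fmt.Println("encrypted outside the chip, allowed:", m.Allowed(Request{Path: "/data/contract.txt", Write: true, NewContent: ct}))
}
```

Two behaviours of the flow are visible in the code: a request for a file outside the protected list is never intercepted, and a delete request carries no overwriting content, so it scores as non-encrypting and reaches step S36 exactly as in the flow above; a deployment would want to correlate such deletes with encrypted writes elsewhere on the host.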
In the above embodiments of the present application, the processing unit is further configured to obtain a registration request from the legitimate user, generate the privilege password of the legitimate user, and receive the file list sent by the legitimate user, where the operation request is a request to operate on a file in the file list.
Specifically, the above file list can be the list of files to be protected, provided by the legitimate user.
In an optional solution, the legitimate user needs to complete initialization registration with the trusted file operation monitoring component, thereby becoming a legitimate user, possessing the corresponding privilege password, and having submitted the list of files to be protected, where the trusted file operation monitoring component only intercepts operation requests that operate on files in the list of files to be protected.
It should be noted that the trusted file operation monitoring component can obtain the file encryption key for encrypting files from the TPCM/TPM chip, and the key is stored in the trusted chip.
In the above embodiments of the present application, the trusted file operation monitoring component is further configured to obtain platform certificates from the platform certificate issuing center and store the platform certificates in the trusted chip, where the platform certificates include the platform certificate of the legitimate user and the platform certificate of the trusted file operation monitoring component.
Specifically, the above platform certificate issuing center can be the platform certificate issuing center of the service server cluster, in which the platform certificates of the legitimate user and of the trusted file operation monitoring component are stored.
In an optional solution, the legitimate user (referred to as C) and the trusted file operation monitoring component (referred to as S) each obtain their respective platform certificates Cert_AIKC and Cert_AIKS from the platform certificate issuing center (referred to as PCA) of the service server cluster, where the respective platform public keys are AIKpk_C and AIKpk_S, the respective platform private keys are AIKpriv_C and AIKpriv_S, and each platform private key is stored in the respective TPCM/TPM chip. The PCA also has its own platform certificate Cert_AIKPCA and platform identity public and private keys AIKpk_PCA and AIKpriv_PCA. Moreover, C and S can obtain the platform identity public key and platform certificate of the party they intend to communicate with from the PCA.
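The initialization described above (the PCA issuing Cert_AIKPCA, Cert_AIKC and Cert_AIKS, and C's registration with S to obtain the privilege password and submit the file list), as an added worked example in Go that is not part of the patent or of any product: the PCA is modelled as a self-signed CA, the AIK key pairs as in-memory P-256 keys (the patent keeps AIKpriv_C and AIKpriv_S inside the TPCM/TPM chip; that boundary is not reproduced here), and registration as S verifying that Cert_AIKC chains to the PCA, challenging C to sign a fresh nonce with AIKpriv_C, and then issuing a random privilege password whose SHA-256 it keeps together with the list of files to be protected. The proof-of-possession challenge, the password format and the names `Party`, `issue`, `Register` and `Registration` are this example's choices, not details taken from the patent.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// Party is C (the legitimate user), S (the monitoring component) or the PCA: an ECDSA
// key pair standing in for AIKpk_*/AIKpriv_* plus its Cert_AIK* (in-memory here;
// in the patent the private key never leaves the party's TPCM/TPM chip).
type Party struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// issue generates a P-256 key pair and its platform certificate: a CA certificate is
// self-signed (Cert_AIKPCA); any other is signed by parent's key (AIKpriv_PCA).
func issue(name string, serial int64, ca bool, parent *Party) (*Party, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: ca, BasicConstraintsValid: ca, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	signer := parent
	if ca {
		tmpl.KeyUsage = x509.KeyUsageCertSign
		signer = &Party{Key: key, Cert: tmpl}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer.Cert, &key.PublicKey, signer.Key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Party{Key: key, Cert: cert}, nil
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failing crypto/rand is not recoverable
	}
	return b
}

// Registration is what S keeps for a registered C: the hashed privilege password and
// the list of files whose operation requests S must intercept.
type Registration struct {
	PasswordHash   [32]byte
	ProtectedFiles []string
}

// Register is C's initialization registration with S, both sides simulated here: S
// checks that Cert_AIKC chains to Cert_AIKPCA, has C prove possession of AIKpriv_C by
// signing a fresh nonce, then issues C a random privilege password and records the list.
func Register(pcaCert *x509.Certificate, c *Party, files []string) (string, Registration, error) {
	roots := x509.NewCertPool()
	roots.AddCert(pcaCert)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := c.Cert.Verify(opts); err != nil {
		return "", Registration{}, fmt.Errorf("platform certificate rejected: %w", err)
	}
	digest := sha256.Sum256(randomBytes(32))                  // S's challenge nonce
	sig, err := ecdsa.SignASN1(rand.Reader, c.Key, digest[:]) // C signs with AIKpriv_C
	if err != nil {
		return "", Registration{}, err
	}
	pub, ok := c.Cert.PublicKey.(*ecdsa.PublicKey) // S checks with AIKpk_C from Cert_AIKC
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", Registration{}, fmt.Errorf("proof of possession of AIKpriv_C failed")
	}
	password := hex.EncodeToString(randomBytes(16))
	return password, Registration{sha256.Sum256([]byte(password)), files}, nil
}

func main() {
	pca, _ := issue("PCA", 1, true, nil) // Cert_AIKPCA (errors ignored in this demo main)
	c, _ := issue("C", 2, false, pca)    // Cert_AIKC, signed with AIKpriv_PCA
	pw, reg, err := Register(pca.Cert, c, []string{"/data/contract.txt"})
	fmt.Println("privilege password:", pw, "protected:", reg.ProtectedFiles, "error:", err)
}
```

S's own Cert_AIKS is obtained the same way (`issue("S", 3, false, pca)`); the patent's statement that C and S fetch the peer's platform public key and certificate from the PCA corresponds here to `Register` trusting only certificates that chain to `pcaCert`, which is why a certificate from an unknown issuing center, or a genuine certificate presented without the matching private key, is rejected.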
Embodiment 2
According to an embodiment of the present application, an embodiment of a file processing method is further provided. It should be noted that the steps illustrated in the flowcharts of the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions, and that, although a logical order is shown in the flowcharts, in some cases the steps shown or described can be executed in an order different from the one given here.
The method embodiment provided by Embodiment 1 of the present application can be executed in a mobile terminal, a computer terminal or a similar computing device. Fig. 4 shows a block diagram of the hardware structure of a computer terminal (or mobile device) for implementing the file processing method. As shown in Fig. 4, the computer terminal 40 (or mobile device 40) may include one or more processors 402 (shown in the figure as 402a, 402b, ..., 402n; the processor 402 can include, but is not limited to, a processing unit such as a microprocessor MCU or a programmable logic device FPGA), a memory 404 for storing data, and a transmitting device 406 for communication functions. In addition, it can also include: a display, an input/output interface (I/O interface), a universal serial bus (USB) port (which can be included as one of the ports of the I/O interface), a network interface, a power supply and/or a camera. Those of ordinary skill in the art can appreciate that the structure shown in Fig. 4 is only illustrative and does not limit the structure of the above electronic device. For example, the computer terminal 40 may also include more or fewer components than shown in Fig. 4, or have a configuration different from that shown in Fig. 4.
It should be noted that the above one or more processors 402 and/or other data processing circuits can generally be referred to herein as a "data processing circuit". The data processing circuit can be embodied, in whole or in part, as software, hardware, firmware or any other combination. In addition, the data processing circuit can be a single independent judgment module, or can be integrated, in whole or in part, into any one of the other elements in the computer terminal 40 (or mobile device). As involved in the embodiments of the present application, the data processing circuit acts as a kind of processor control (for example, the selection of a variable-resistance terminal path connected to an interface).
The memory 404 can be used to store software programs and modules of application software, such as the program instructions/data storage device corresponding to the file processing method in the embodiments of the present application; the processor 402 runs the software programs and modules stored in the memory 404, thereby executing various functional applications and data processing, that is, implementing the above file processing method. The memory 404 can include high-speed random access memory, and can also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 404 can further include memory located remotely from the processor 402, and such remote memory can be connected to the computer terminal 40 through a network. Examples of the above network include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network and combinations thereof.
The transmitting device 406 is used to receive or send data via a network. Specific examples of the above network can include a wireless network provided by the communication provider of the computer terminal 40. In one example, the transmitting device 406 includes a network interface controller (NIC), which can be connected to other network devices through a base station so as to communicate with the Internet. In one example, the transmitting device 106 can be a radio frequency (RF) module for communicating wirelessly with the Internet.
The display can be, for example, a touch-screen liquid crystal display (LCD), which enables the user to interact with the user interface of the computer terminal 40 (or mobile device).
It should be noted here that, in some optional embodiments, the above computer device (or mobile device) shown in Fig. 4 can include hardware elements (including circuits), software elements (including computer code stored on a computer-readable medium), or a combination of both hardware elements and software elements. It should be pointed out that Fig. 1 is only one example of a particular specific embodiment, and is intended to show the types of components that may be present in the above computer device (or mobile device).
In the above running environment, the present application provides a file processing method as shown in Fig. 5. Fig. 5 is a flowchart of a file processing method according to Embodiment 2 of the present application. As shown in Fig. 5, the method can include the following steps:
Step S52: operation requests that operate on a file are monitored.
Specifically, a trusted file operation monitoring component can be added to the operating system kernel layer of a host possessing a TPCM or TPM trusted chip; the component is used to intercept the file operation behavior of all programs. The above host can be a mobile device such as a smart phone (including Android phones and iOS phones), a tablet computer, an iPad or a palmtop computer, or a computer device such as a PC or a notebook computer, which the present application does not specifically limit. The above file can be a sensitive file in the host that must not be arbitrarily modified or deleted by other users, or a sensitive file that the user does not want others to arbitrarily modify or delete; for example, for a commercial user, sensitive files can be files such as contract documents and customer information files, and if such files are hijacked by ransomware, heavy losses can be caused to the user. The above operation can include a write operation and a read operation, and can specifically include operations such as an encryption operation, an overwrite operation or a delete operation, which the present application does not specifically limit; the specific type of operation can be defined according to actual processing needs.
Step S54: if an operation request is monitored, the operation characteristics of the operation are obtained.
Specifically, different operations have different operation characteristics, and the operation characteristics can characterize which specific type of operation it is, whether the trusted chip is called to perform the operation, and so on.
Step S56: the operation characteristics are analyzed to determine whether the trusted chip is triggered to encrypt the file.
It should be noted that, since a large number of files are stored in the host, in order to improve file activity only sensitive files can be monitored, rather than all files.
In an optional solution, in a computer security application scenario, a trusted file operation monitoring component can be added in advance to the operating system kernel layer of a host possessing a TPCM or TPM trusted chip, and the trusted file operation monitoring component intercepts operation requests for files, especially operations on sensitive files; that is, whenever the trusted file operation monitoring component monitors an operation request that operates on a sensitive file, it intercepts the operation request, preventing the operating system from responding to the operation request. After the trusted file operation monitoring component intercepts the operation, it can obtain the operation characteristics of the operation and analyze them to judge whether the operation triggers the trusted chip to encrypt the file. If it is determined that it does not, it can be determined that this operation is an illegitimate operation, and in order to protect the sensitive file the operation can be forbidden from being performed on the file, so that the operating system does not respond to the operation; if it is determined that it does, it can be determined that this operation is a legitimate operation performed by a legitimate user, and the operation can be allowed to be performed on the file, so the trusted file operation monitoring component releases the intercepted operation request and the operating system can respond to the operation and complete the corresponding operation.
The solution provided by the above Embodiment 2 of the present application can monitor, in real time, operation requests that operate on a file; when an operation request is monitored, the operation characteristics of the operation can be obtained and analyzed to determine whether the trusted chip is triggered to encrypt the file, thereby achieving the purpose of identifying and preventing ransomware from operating on the file.
It is easy to note that, since only a legitimate user who encrypts the file through the trusted chip is allowed to perform the overwrite operation or delete operation on the file, there is no need to back up the file; compared with the prior art, no large amount of storage space has to be sacrificed for backup files, and no large and complete editor whitelist has to be maintained, since only the small number of legitimate users who may operate on files on the host need to be managed; new ransomware variants can also be handled. The technical effects of saving storage space, saving management cost, improving processing accuracy and improving user experience are thereby achieved.
Therefore, the solution of the above Embodiment 2 provided by the present application solves the technical problem in the prior art that file processing methods have low processing accuracy and high cost.
In the above embodiments of the present application, step S56, in which the operation characteristics are analyzed to determine whether the trusted chip is triggered to encrypt the file, can include the following steps:
Step S562: it is judged whether the trusted chip is triggered to perform an encryption operation on the file, the trusted chip being used to encrypt or decrypt the file using an internally stored key.
Where, if the trusted chip is triggered to perform the encryption operation on the file, it is determined that the trusted chip is triggered to encrypt the file, and the step of allowing the legitimate user to perform a legitimate operation on the file is executed; if the trusted chip is not triggered to perform the encryption operation on the file, it is determined that the trusted chip is not triggered to encrypt the file, and the step of forbidding the legitimate operation from being performed on the file is executed.
Specifically, the above trusted chip can be the trusted chip shown in Fig. 2; the trusted chip internally stores an independent key for performing encryption operations or decryption operations on the file, and by calling the trusted chip, the trusted chip can be triggered to encrypt the file, and the encryption operation, overwrite operation or delete operation can be performed on the file. The above legitimate user can be the owner of the file, or a user possessing the operating privilege; only a legitimate user can perform operations such as the encryption operation, overwrite operation or delete operation on a sensitive file by triggering the trusted chip.
It should be noted that since the essence for extorting software is that illegal user is added using the soft file to user is extorted
After close, original document covered using encrypted file, or original document is deleted, therefore, for sensitive document, only closed
Method user can carry out cryptographic operation, covering operation or delete to grasp by calling credible chip to obtain file encryption key to file
Make, that is, executing valid operation.
In a kind of optional scheme, as shown in step S37 to step S39 in Fig. 3, based on the essence for extorting software, it is
It avoids extorting software and file is operated, can analyze the operating characteristics of operation, trigger credible chip by judging whether
Cryptographic operation is carried out to file, to determine whether triggering credible chip encrypts file.If it is determined that triggering credible chip is to file
Carry out cryptographic operation, it is determined that triggering credible chip encrypts file, so as to allow legitimate user to carry out covering behaviour to file
Work or delete operation, namely user is allowed to cover/delete original, file credible operates monitoring part can be by the operation requests
Operating system kernel layer is passed back to be responded.Cryptographic operation is carried out to file if it is determined that not triggering credible chip, it is determined that not
It triggers credible chip and encrypts file, can determine that this time operation may be to extort the operation of software execution, in order to protect user's
Sensitive document can prevent user from carrying out covering operation or delete operation to file, namely prevent user cover/delete original text
Part, file credible operation monitoring part can ignore the operation requests, or can directly abandon the operation requests, to operate
System kernel layer can not respond the operation requests.
It should be noted that after the trusted chip is triggered to encrypt the file, the file encryption key stored in the trusted chip is called to encrypt the file; to open the encrypted file, the trusted chip can be triggered and the file decryption key in the trusted chip that corresponds to the file encryption key is called to decrypt the file.
In the above embodiments of the present application, before judging in step S56 whether the trusted chip was triggered to encrypt the file, the method may further include the following steps:
Step S510: judge whether the operating characteristics of the operation are an encryption behavior.
Step S512: if it is determined that the operating characteristics belong to an encryption behavior, judge whether the trusted chip was triggered to encrypt the file.
In an optional scheme, as shown in step S35 and step S37 in Fig. 3, to prevent ransomware from operating on the file, and based on the essence of ransomware, it can first be judged whether the operation the user needs to perform on the file is an encryption operation. After it is determined that the user needs to perform an encryption operation on the file, it can further be judged whether the user performed the encryption operation on the file by calling the trusted chip to obtain the file encryption key, so as to judge whether this operation is an operation performed by ransomware.
In the above embodiments of the present application, step S510, judging whether the operating characteristics of the operation are an encryption behavior, may include the following steps:
Step S5101: obtain the information entropy of the target file, where the target file is the file that overwrites the file.
Specifically, the above target file can be the file intended to overwrite the original file.
Step S5102: judge whether the information entropy reaches the encryption threshold.
Specifically, the above encryption threshold can be the standard value of the information entropy of an encrypted file.
Step S5103: if it is determined that the information entropy reaches the encryption threshold, determine that the operating characteristics belong to an encryption behavior.
Step S5104: if it is determined that the information entropy does not reach the encryption threshold, determine that the operating characteristics do not belong to an encryption behavior.
In an optional scheme, to judge whether the user needs to perform an encryption operation on the file, it can be calculated whether the information entropy of the file intended to overwrite the original file reaches the standard value of the information entropy of an encrypted file. If it does, it is determined that the file overwriting the original file is an encrypted file, that is, it can be determined that the user needs to perform an encryption operation on the file; otherwise it can be determined that the user does not need to perform an encryption operation on the file.
In the above embodiments of the present application, step S510, judging whether the operating characteristics of the operation are an encryption behavior, may include the following steps:
Step S5106: obtain the target content, where the target content is the content that overwrites the file.
Step S5107: judge whether the target content meets the encrypted feature.
Specifically, the above encrypted feature can be a feature of the content of an encrypted file.
Step S5108: if it is determined that the target content meets the encrypted feature, determine that the operating characteristics belong to an encryption behavior.
Step S5109: if it is determined that the target content does not meet the encrypted feature, determine that the operating characteristics do not belong to an encryption behavior.
In an optional scheme, to judge whether the user needs to perform an encryption operation on the file, methods such as statistics, machine learning and pattern recognition can be used to identify whether the content intended to overwrite the original file meets the encrypted feature. If it does, it is determined that the file overwriting the original file is an encrypted file, that is, it can be determined that the user needs to perform an encryption operation on the file; otherwise it can be determined that the user does not need to perform an encryption operation on the file.
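The two tests above (the entropy threshold of steps S5101 to S5104 and the content-feature check of steps S5106 to S5109) as a worked example. This is an added illustration, not code from the patent; the threshold value, the feature set and the cut-offs are assumptions chosen for the example, and the two sample inputs are constructed.

```python
"""Added example, not code from the patent: classifying the content that is
about to overwrite a protected file, using the two signals the text names,
information entropy (steps S5101-S5104) and statistical content features
(steps S5106-S5109).  The threshold, the feature set and the cut-offs are
assumptions made for illustration."""
import math
import random
import zlib
from collections import Counter

# Assumed encryption threshold in bits per byte: ciphertext (and compressed
# data) sits near 8.0, natural-language text near 4 to 5.
ENCRYPTION_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Information entropy of a byte string, 0.0 .. 8.0 bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def entropy_says_encrypted(target: bytes, threshold: float = ENCRYPTION_THRESHOLD) -> bool:
    """Steps S5102-S5104: encryption behaviour when the entropy reaches the threshold."""
    return shannon_entropy(target) >= threshold


def content_features(target: bytes) -> dict:
    """Three cheap statistics of the overwriting content (assumed feature set)."""
    n = len(target) or 1
    printable = sum(1 for b in target if 32 <= b < 127 or b in (9, 10, 13))
    # Ciphertext does not compress; documents and text do.
    compressed_ratio = len(zlib.compress(target, 6)) / n
    # Chi-square distance of the byte histogram from uniform, per byte:
    # about 255/n for ciphertext, far larger for structured data.
    expected = n / 256
    counts = Counter(target)
    chi_square = sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))
    return {"printable_ratio": printable / n,
            "compressed_ratio": compressed_ratio,
            "chi_square_per_byte": chi_square / n}


def features_say_encrypted(target: bytes) -> bool:
    """Steps S5107-S5109: the 'encrypted feature' is met when the content is
    mostly non-printable, incompressible and has a near-uniform histogram.
    Empty content carries no statistics and is never flagged."""
    if not target:
        return False
    f = content_features(target)
    return (f["printable_ratio"] < 0.5
            and f["compressed_ratio"] > 0.95
            and f["chi_square_per_byte"] < 2.0)


def is_encryption_behavior(target: bytes) -> bool:
    """Step S510: either signal flags the write as an encryption behaviour."""
    return entropy_says_encrypted(target) or features_say_encrypted(target)


def sample_plaintext() -> bytes:
    """Constructed sample: a contract-like line repeated to about 4 KiB."""
    return b"Contract No. 0042: the parties agree to the terms below.\n" * 72


def sample_ciphertext() -> bytes:
    """Constructed sample standing in for an encrypted file: 4 KiB of seeded
    pseudo-random bytes, so the example is repeatable."""
    rng = random.Random(20180427)
    return bytes(rng.getrandbits(8) for _ in range(4096))


if __name__ == "__main__":
    for name, blob in (("plaintext", sample_plaintext()), ("ciphertext", sample_ciphertext())):
        print(name, round(shannon_entropy(blob), 3), content_features(blob),
              "encryption behaviour" if is_encryption_behavior(blob) else "ordinary write")
```

The entropy test alone misclassifies compressed archives and images, which are also near 8 bits per byte; the feature check has the same blind spot for the compression ratio, so a deployment would add format-specific knowledge (expected headers of the protected file types) to the "pattern recognition" step the text mentions.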
In the above embodiments of the present application, when it is determined that the operating characteristics do not belong to an encryption behavior, the step of allowing the legitimate operation to be executed on the file is executed.
In an optional scheme, as shown in step S36 in Fig. 3, after it is determined that the user does not need to perform an encryption operation on the file, it can be determined that this operation is not an operation executed by ransomware, and the user can be allowed to perform an overwrite operation or a delete operation on the file, that is, the user is allowed to overwrite/delete the original file, and the trusted file operation monitoring component can pass the operation request back to the operating system kernel layer for a response.
In the above embodiments of the present application, before judging in step S510 whether the operating characteristics of the operation are an encryption behavior, the method may further include the following steps:
Step S514: judge whether the operation is a write operation.
Step S516: if it is determined that the operation is a write operation, judge whether the operating characteristics of the operation are an encryption behavior.
Step S518: if it is determined that the operation is a read operation, execute the step of allowing the read operation to be executed on the file.
In an optional scheme, as shown in step S33 to step S35 in Fig. 3, based on the essence of ransomware, the trusted file operation monitoring component can judge whether the user needs to perform a write operation on the file, for example by analyzing the operating characteristics. If so, to prevent ransomware from operating on the file, it is necessary to further judge whether the write operation is an encryption operation. If not, that is, the user needs to perform a read operation on the file, it can be determined that this operation is not an operation executed by ransomware, so the user can be allowed to perform the read operation on the file, and the trusted file operation monitoring component passes the operation request back to the operating system kernel layer for a response.
In the above embodiments of the present application, before allowing the legitimate user to execute the legitimate operation on the file in step S58, the method may further include the following steps:
Step S520: obtain the password input by the legitimate user.
Step S522: judge whether the password is correct.
Step S524: if it is determined that the password is correct, execute the step of allowing the legitimate user to execute the legitimate operation on the file.
Step S526: if it is determined that the password is wrong, execute the step of forbidding the legitimate operation from being executed on the file.
In an optional scheme, as shown in step S310 and step S311 in Fig. 3, to ensure that it is the legitimate user who performs the legitimate operation on the file, the trusted file operation monitoring component can let the legitimate user input a password and judge whether the password input by the user is identical to the privileged password. If they are identical, it is determined that the password is correct, and it can be determined that this operation is not an operation executed by ransomware; the user can be allowed to perform an overwrite operation or a delete operation on the file, that is, the user is allowed to overwrite/delete the original file, and the trusted file operation monitoring component can pass the operation request back to the operating system kernel layer for a response. If they are not identical, it is determined that the password is wrong; to protect the user's sensitive file, the user can be prevented from performing an overwrite operation or a delete operation on the file, that is, the user is prevented from overwriting/deleting the original file, and the trusted file operation monitoring component can ignore the operation request, or directly discard it, so that the operating system kernel layer does not respond to the operation request.
In the above embodiments of the present application, before obtaining the password input by the legitimate user in step S520, the method may further include the following steps:
Step S528: obtain the registration request of the legitimate user.
Step S530: generate the privileged password of the legitimate user.
Step S532: receive the file list sent by the legitimate user, where the operation request is a request to operate on a file in the file list.
Specifically, the above file list can be the list of files to be protected, provided by the legitimate user.
In an optional scheme, the legitimate user needs to complete an initialization registration with the trusted file operation monitoring component in order to become a legitimate user, obtain the corresponding privileged password and submit the list of files to be protected; the trusted file operation monitoring component intercepts only operation requests that operate on files in the list of files to be protected.
It should be noted that the trusted file operation monitoring component can obtain the file encryption key used to encrypt files from the TPCM/TPM chip, and the key is stored in the trusted chip.
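The decision flow of steps S33 to S311 together with the registration of steps S528 to S532, as one added example that is not the patent's code. It simulates the trusted file operation monitoring component in user space rather than in the operating system kernel layer; the chip stand-in (which records a digest of every ciphertext it produced so that "was the trusted chip triggered" can be checked), the shape of an operation request, the entropy threshold and the sample file are all assumptions made for the example.

```python
"""Added example, not the patent's code: a user-space simulation of the
trusted file operation monitoring component.  It covers registration (steps
S528-S532), the read/write split (S514-S518), the encryption-behaviour check
(S510), the trusted-chip check (S56) and the password check (S520-S526).
The chip stand-in, the request shape and the entropy threshold are assumptions."""
import hashlib
import hmac
import math
import random
import secrets
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional, Set

ENCRYPTION_THRESHOLD = 7.5  # assumed "standard entropy of an encrypted file", bits per byte


def shannon_entropy(data: bytes) -> float:
    """Information entropy in bits per byte (step S5101)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


class TrustedChip:
    """Stand-in for the TPCM/TPM: the file encryption key never leaves the
    object, and the chip remembers a digest of every ciphertext it produced so
    the monitor can tell whether content came from the chip (assumed mechanism)."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)
        self._produced: Set[bytes] = set()

    def encrypt(self, path: str, plaintext: bytes) -> bytes:
        """Toy per-file stream cipher (SHA-256 counter keystream); illustration only."""
        stream = bytearray()
        counter = 0
        while len(stream) < len(plaintext):
            stream += hashlib.sha256(self._key + path.encode() + counter.to_bytes(8, "big")).digest()
            counter += 1
        ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
        self._produced.add(hashlib.sha256(ciphertext).digest())
        return ciphertext

    def was_triggered_for(self, content: bytes) -> bool:
        """Step S56: was this content produced by a chip-triggered encryption?"""
        return hashlib.sha256(content).digest() in self._produced


@dataclass
class OperationRequest:
    path: str
    kind: str                          # "read" or "write"
    content: bytes = b""               # for a write: the content that overwrites the file
    password: Optional[str] = None     # entered by the legitimate user, if any


@dataclass
class FileTrustMonitor:
    chip: TrustedChip
    protected: Set[str] = field(default_factory=set)
    privileged_hash: Optional[bytes] = None

    def register(self, file_list) -> str:
        """Steps S528-S532: generate the privileged password and record the
        list of files to protect.  Only a digest is kept; the generated
        password is high-entropy, so a plain SHA-256 digest suffices here."""
        password = secrets.token_urlsafe(16)
        self.privileged_hash = hashlib.sha256(password.encode()).digest()
        self.protected = set(file_list)
        return password

    def _password_ok(self, password: Optional[str]) -> bool:
        if password is None or self.privileged_hash is None:
            return False
        digest = hashlib.sha256(password.encode()).digest()
        return hmac.compare_digest(digest, self.privileged_hash)   # constant-time compare

    def handle(self, req: OperationRequest) -> str:
        """Decide one intercepted request: 'pass-through', 'allow' or 'deny'."""
        if req.path not in self.protected:
            return "pass-through"                      # only listed files are intercepted
        if req.kind == "read":
            return "allow"                             # S518: reads are never blocked
        if shannon_entropy(req.content) < ENCRYPTION_THRESHOLD:
            return "allow"                             # S36: not an encryption behaviour
        if not self.chip.was_triggered_for(req.content):
            return "deny"                              # S39: encrypted without the chip
        if not self._password_ok(req.password):
            return "deny"                              # S311: wrong or missing password
        return "allow"                                 # S310: legitimate operation


def demo() -> dict:
    """Constructed scenario on one protected file; returns each decision."""
    chip = TrustedChip()
    monitor = FileTrustMonitor(chip)
    path = "/data/contract.docx"
    password = monitor.register([path])
    original = b"Contract No. 0042: the parties agree to the terms below.\n" * 72
    chip_ct = chip.encrypt(path, original)                       # chip was triggered
    rng = random.Random(1)                                       # seeded, repeatable
    foreign_ct = bytes(rng.getrandbits(8) for _ in range(len(original)))  # chip not triggered
    return {
        "read": monitor.handle(OperationRequest(path, "read")),
        "plain_edit": monitor.handle(OperationRequest(path, "write", original + b"Amended.\n")),
        "chip_with_password": monitor.handle(OperationRequest(path, "write", chip_ct, password)),
        "chip_no_password": monitor.handle(OperationRequest(path, "write", chip_ct)),
        "foreign_encrypt": monitor.handle(OperationRequest(path, "write", foreign_ct)),
        "unlisted_file": monitor.handle(OperationRequest("/tmp/scratch.txt", "write", foreign_ct)),
    }
```

Note the ordering: the password is only asked for once the write already looks like an encryption that went through the chip, so an ordinary edit never prompts, and high-entropy content that the chip did not produce is refused before any password is consulted.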
In the above embodiments of the present application, before obtaining the registration request of the legitimate user in step S528, the method may further include the following steps:
Step S534: obtain platform certificates from the platform certificate issuing center, where the platform certificates include the platform certificate of the legitimate user and the platform certificate of the trusted file operation monitoring component.
Specifically, the above platform certificate issuing center can be the platform certificate issuing center of the service server cluster, which stores the platform certificates of the legitimate user and of the trusted file operation monitoring component.
Step S536: store the platform certificates in the trusted chip.
In an optional scheme, the legitimate user (denoted C) and the trusted file operation monitoring component (denoted S) obtain their respective platform certificates Cert_AIKC and Cert_AIKS from the platform certificate issuing center of the service server cluster (denoted PCA), where their respective platform public keys are AIKpk_C and AIKpk_S, their respective platform private keys are AIKpriv_C and AIKpriv_S, and each platform private key is stored in the respective TPCM/TPM chip. The PCA also has its own platform certificate Cert_AIKPCA and its platform identity public and private keys AIKpk_PCA and AIKpriv_PCA. Moreover, C and S can obtain from the PCA the platform identity public key and platform certificate of the peer they intend to communicate with.
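The certificate set-up just described (PCA, C and S, Cert_AIKC / Cert_AIKS / Cert_AIKPCA, and the look-up of a peer's key and certificate at the PCA) as an added example, not code from the patent. Ed25519 key pairs from the `cryptography` package stand in for the AIK key pairs that the text keeps inside the TPCM/TPM chips, the certificate is a minimal constructed record rather than X.509, and the message verified at the end is a constructed sample.

```python
"""Added example, not code from the patent: the certificate set-up the text
describes, with a platform certificate issuing center (PCA), the legitimate
user C and the monitoring component S.  Ed25519 key pairs from the
'cryptography' package stand in for the AIK key pairs held in the TPCM/TPM
chips, and the certificate is a minimal constructed record, not X.509."""
import json
from typing import Optional

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey)


def _raw(pub: Ed25519PublicKey) -> bytes:
    return pub.public_bytes(serialization.Encoding.Raw, serialization.PublicFormat.Raw)


def _payload(body: dict) -> bytes:
    """Canonical bytes that the PCA signs and that verifiers re-derive."""
    return json.dumps(body, sort_keys=True).encode()


class Platform:
    """A party holding an AIK key pair.  The private key (AIKpriv_C, AIKpriv_S)
    never leaves the object, as it never leaves the respective chip."""

    def __init__(self, name: str) -> None:
        self.name = name
        self._aik_priv = Ed25519PrivateKey.generate()
        self.aik_pub = _raw(self._aik_priv.public_key())   # AIKpk_<name>
        self.cert: dict = {}                                # Cert_AIK<name>, set by the PCA
        self.trusted_pca_pub = b""                          # AIKpk_PCA, learned at enrollment

    def sign(self, message: bytes) -> bytes:
        return self._aik_priv.sign(message)


class PCA(Platform):
    """Platform certificate issuing center: signs certificates with AIKpriv_PCA
    and serves the certificate of any enrolled party on request."""

    def __init__(self) -> None:
        super().__init__("PCA")
        self._registry: dict = {}
        self.cert = self.issue(self.name, self.aik_pub)     # self-issued Cert_AIKPCA
        self.trusted_pca_pub = self.aik_pub

    def issue(self, subject: str, aik_pub: bytes) -> dict:
        body = {"subject": subject, "aik_pub": aik_pub.hex(), "issuer": "PCA"}
        cert = dict(body, signature=self.sign(_payload(body)).hex())
        self._registry[subject] = cert
        return cert

    def lookup(self, subject: str) -> Optional[dict]:
        """The peer's platform identity public key and certificate, from the PCA."""
        return self._registry.get(subject)


def enroll(party: Platform, pca: PCA) -> None:
    """Steps S534 and S536: obtain the certificate from the PCA and store it
    (in the text: inside the trusted chip) with the PCA key used to check it."""
    party.cert = pca.issue(party.name, party.aik_pub)
    party.trusted_pca_pub = pca.aik_pub


def verify_cert(cert: dict, pca_pub: bytes) -> bool:
    """True only if the PCA signature over the certificate body checks out."""
    body = {k: v for k, v in cert.items() if k != "signature"}
    try:
        Ed25519PublicKey.from_public_bytes(pca_pub).verify(
            bytes.fromhex(cert["signature"]), _payload(body))
    except (InvalidSignature, ValueError, KeyError):
        return False
    return True


def verify_peer_message(peer: str, message: bytes, signature: bytes,
                        verifier: Platform, pca: PCA) -> bool:
    """verifier fetches the peer's certificate from the PCA, checks the PCA's
    signature on it, then checks the peer's AIK signature on the message."""
    cert = pca.lookup(peer)
    if cert is None or cert.get("subject") != peer or not verify_cert(cert, verifier.trusted_pca_pub):
        return False
    try:
        Ed25519PublicKey.from_public_bytes(bytes.fromhex(cert["aik_pub"])).verify(signature, message)
    except InvalidSignature:
        return False
    return True


def demo() -> dict:
    """Constructed run: C and S enroll, S verifies a message from C, plus
    failure cases (an uncertified key, a tampered certificate, an unknown peer)."""
    pca = PCA()
    c, s = Platform("C"), Platform("S")
    enroll(c, pca)
    enroll(s, pca)
    msg = b"registration request from C"
    impostor = Platform("C")           # same name, but its key was never certified
    tampered = dict(pca.lookup("S"), aik_pub=impostor.aik_pub.hex())
    return {
        "genuine": verify_peer_message("C", msg, c.sign(msg), s, pca),
        "uncertified_key": verify_peer_message("C", msg, impostor.sign(msg), s, pca),
        "tampered_cert": verify_cert(tampered, pca.aik_pub),
        "unknown_peer": verify_peer_message("Z", msg, c.sign(msg), s, pca),
    }
```

The point a practitioner should take from it: S never trusts a public key it is handed directly; it trusts AIKpk_PCA (obtained at enrollment and, in the text, stored in the chip) and accepts AIKpk_C only through a certificate the PCA signed for that subject name.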
It should be noted that, for the foregoing method embodiments, for simplicity of description they are each described as a series of combined actions, but those skilled in the art should understand that the present application is not limited by the described order of actions, because according to the present application some steps may be performed in other orders or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present application.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus the necessary general hardware platform, and naturally also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc), including instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device or the like) to execute the method described in each embodiment of the present application.
Embodiment 3
According to an embodiment of the present application, a document handling apparatus for implementing the above document handling method is further provided. As shown in Fig. 6, the apparatus 600 includes a monitoring module 602, an acquisition module 604 and a determination module 606.
The monitoring module 602 is configured to monitor operation requests that operate on a file; the acquisition module 604 is configured to obtain the operating characteristics of the operation if an operation request is monitored; and the determination module 606 is configured to analyze the operating characteristics and determine whether the trusted chip was triggered to encrypt the file.
Specifically, a trusted file operation monitoring component can be added to the operating system kernel layer of a host that has a TPCM or TPM trusted chip; the component intercepts the file operation behavior of all programs. The above host can be a mobile device such as a smart phone (including Android phones and iOS phones), a tablet computer, an iPad or a palmtop computer, or a computer device such as a PC or a notebook computer; the present application does not specifically limit this. The above file can be a sensitive file in the host that must not be arbitrarily modified or deleted by other users, or a sensitive file that the user does not want others to modify or delete arbitrarily; for example, for a commercial user the sensitive file can be a contract file, a customer information file or the like, and if such a file is hijacked by ransomware it can bring huge losses to the user. The above operation may include a write operation or a read operation, and specifically may include an encryption operation, an overwrite operation or a delete operation; the present application does not specifically limit this, and the specific type of operation can be defined according to actual processing needs. Different operations have different operating characteristics, and the operating characteristics can characterize which type of operation is specifically performed, whether the trusted chip was called to operate, and so on.
It should be noted here that the above monitoring module 602, acquisition module 604 and determination module 606 correspond to step S52 to step S56 in Embodiment 2; the three modules implement the same examples and application scenarios as the corresponding steps, but are not limited to what is disclosed in Embodiment 2 above. It should be noted that the above modules may run, as part of the apparatus, in the computer terminal 10 provided in Embodiment 2.
The scheme provided by Embodiment 3 of the present application above can monitor in real time operation requests that operate on a file; when an operation request is monitored, the operating characteristics of the operation can be obtained and analyzed to determine whether the trusted chip was triggered to encrypt the file, thereby achieving the purpose of identifying and preventing ransomware from operating on the file.
It is easy to note that, because only a legitimate user who encrypts the file through the trusted chip is allowed to execute an overwrite operation or a delete operation on the file, there is no need to back up the file, and compared with the prior art there is no need to sacrifice a large amount of storage space to store backup files; there is no need to maintain a large and complete editor whitelist, and only the small number of legitimate users who can operate on files in the host need to be managed; and new variants of ransomware can be handled. This achieves the technical effects of saving storage space, saving management cost, improving processing accuracy and improving the user experience.
Therefore, the scheme of Embodiment 3 provided by the present application above solves the technical problem of low processing accuracy and high cost of document handling methods in the prior art.
In the above embodiments of the present application, the judgment module is further configured to judge whether the trusted chip was triggered to perform an encryption operation on the file, where the trusted chip encrypts or decrypts the file using an internally stored key. The execution module is further configured to: if the trusted chip was triggered to perform an encryption operation on the file, determine that the trusted chip was triggered to encrypt the file and execute the step of allowing the legitimate user to execute the legitimate operation on the file; and if the trusted chip was not triggered to perform an encryption operation on the file, determine that the trusted chip was not triggered to encrypt the file and execute the step of forbidding the legitimate operation from being executed on the file.
In the above embodiments of the present application, the judgment module is further configured to judge whether the operating characteristics of the operation are an encryption behavior, and, if it is determined that the operating characteristics belong to an encryption behavior, to judge whether the trusted chip was triggered to encrypt the file.
In the above embodiments of the present application, the judgment module includes an acquiring unit, a judging unit and a determining unit.
The acquiring unit is configured to obtain the information entropy of the target file, where the target file is the file that overwrites the file; the judging unit is configured to judge whether the information entropy reaches the encryption threshold; and the determining unit is configured to determine that the operating characteristics belong to an encryption behavior if it is determined that the information entropy reaches the encryption threshold, and that the operating characteristics do not belong to an encryption behavior if it is determined that the information entropy does not reach the encryption threshold.
In the above embodiments of the present application, the judgment module includes an acquiring unit, a judging unit and a determining unit.
The acquiring unit is configured to obtain the target content, where the target content is the content that overwrites the file; the judging unit is configured to judge whether the target content meets the encrypted feature; and the determining unit is configured to determine that the operating characteristics belong to an encryption behavior if it is determined that the target content meets the encrypted feature, and that the operating characteristics do not belong to an encryption behavior if it is determined that the target content does not meet the encrypted feature.
In the above embodiments of the present application, the execution module is further configured to execute the step of allowing the legitimate operation to be executed on the file when it is determined that the operating characteristics do not belong to an encryption behavior.
In the above embodiments of the present application, the judgment module is further configured to judge whether the operation is a write operation and, if it is determined that the operation is a write operation, to judge whether the trusted chip was triggered to encrypt the file; the execution module is further configured to execute the step of allowing the read operation to be executed on the file if it is determined that the operation is a read operation.
In the above embodiments of the present application, the acquisition module is further configured to obtain the password input by the legitimate user; the judgment module is configured to judge whether the password is correct; and the execution module is further configured to execute the step of allowing the legitimate user to execute the legitimate operation on the file if it is determined that the password is correct, and to execute the step of forbidding the legitimate operation from being executed on the file if it is determined that the password is wrong.
In the above embodiments of the present application, the apparatus further includes a generation module and a receiving module.
The acquisition module is further configured to obtain the registration request of the legitimate user; the generation module is configured to generate the privileged password of the legitimate user; and the receiving module is configured to receive the file list sent by the legitimate user, where the operation request is a request to operate on a file in the file list.
In the above embodiments of the present application, the apparatus further includes a storage module.
The acquisition module is further configured to obtain platform certificates from the platform certificate issuing center, where the platform certificates include the platform certificate of the legitimate user and the platform certificate of the trusted file operation monitoring component; the storage module is configured to store the platform certificates in the trusted chip.
Embodiment 4
According to an embodiment of the present application, an embodiment of a data processing method is further provided. It should be noted that the steps illustrated in the flowchart of the drawings can be executed in a computer system such as a set of computer-executable instructions, and that, although a logical order is shown in the flowchart, in some cases the steps shown or described may be executed in an order different from the one given here.
Fig. 7 is a flowchart of a data processing method according to Embodiment 4 of the present application. As shown in Fig. 7, the method may include the following steps:
Step S72: obtain an operation request that operates on data, where the operation request includes an operation code.
Specifically, a trusted file operation monitoring component can be added to the operating system kernel layer of a host that has a TPCM or TPM trusted chip; the component intercepts the file operation behavior of all programs. The above host can be a mobile device such as a smart phone (including Android phones and iOS phones), a tablet computer, an iPad or a palmtop computer, or a computer device such as a PC or a notebook computer; the present application does not specifically limit this. The above data can be data in a sensitive file stored in the host that must not be arbitrarily modified or deleted by other users, or data in a sensitive file that the user does not want others to modify or delete arbitrarily; for example, for a commercial user the data can be data in files such as contract files and customer information files, and if the file is hijacked by ransomware so that the data cannot be read, or the data is tampered with so that it becomes erroneous, huge losses will be brought to the user. The above operation may include a write operation or a read operation, and specifically may include an encryption operation, an overwrite operation or a delete operation; the present application does not specifically limit this, and the specific type of operation can be defined according to actual processing needs. Each type of operation corresponds to an operation code in the operating system; after receiving the operation request, the operating system can determine, according to the operation code included in the operation request, which type of operation the user specifically needs to perform on the data.
Step S74: determine, according to the operation code, whether the trusted chip was triggered to encrypt the data, where the operation code corresponds to the operating characteristics.
Specifically, different operations have different operating characteristics, and the operating characteristics can characterize which type of operation is specifically performed, whether the trusted chip was called to operate, and so on. According to the operation code in the operation request, the corresponding operating characteristics can be determined, and from them which type of operation needs to be performed.
It should be noted that the above data can be data stored in a file, and operating on the data can be operating on the file; the embodiments of the present application take operating on a file as the example. Because a host stores a large number of files, to keep file operations efficient only sensitive files may be monitored, rather than all files.
In an optional scheme, in a computer security application scenario, a trusted file operation monitoring component can be added in advance to the operating system kernel layer of a host with a TPCM or TPM trusted chip, and the component intercepts operation requests on files, especially operations on sensitive files; that is, whenever the trusted file operation monitoring component monitors an operation request that operates on a sensitive file, it intercepts the operation request so that the operating system does not respond to it. After intercepting the operation, the trusted file operation monitoring component can obtain the operating characteristics of the operation and analyze them to judge whether the operation triggered the trusted chip to encrypt the file. If it is determined that it did not, it can be determined that this operation is an illegal operation; to protect the sensitive file, execution of the operation on the file can be forbidden, so that the operating system does not respond to the operation. If it is determined that it did, it can be determined that this operation is a legitimate operation performed by a legitimate user, and execution of the operation on the file can be allowed, so the trusted file operation monitoring component releases the intercepted operation request and the operating system responds to the operation and completes it.
The scheme provided by Embodiment 4 of the present application above can obtain in real time operation requests that operate on data; after an operation request is obtained, the operation code in the operation request can be extracted and, according to the operation code, it can be determined whether the trusted chip was triggered to encrypt the file, thereby achieving the purpose of identifying and preventing ransomware from operating on the data.
It is easy to note that, because only a legitimate user who encrypts the data through the trusted chip is allowed to execute an overwrite operation or a delete operation on the data, there is no need to back up the data, and compared with the prior art there is no need to sacrifice a large amount of storage space to store backup data; there is no need to maintain a large and complete editor whitelist, and only the small number of legitimate users who can operate on data in the host need to be managed; and new variants of ransomware can be handled. This achieves the technical effects of saving storage space, saving management cost, improving processing accuracy and improving the user experience.
Therefore, the scheme of Embodiment 4 provided by the present application above solves the technical problem of low processing accuracy and high cost of document handling methods in the prior art.
Embodiment 5
According to an embodiment of the present application, a document handling apparatus for implementing the above data processing method is further provided. As shown in Fig. 8, the apparatus 800 includes an acquisition module 802 and a determination module 804.
The acquisition module 802 is configured to obtain an operation request that operates on data, where the operation request includes an operation code; the determination module 804 is configured to determine, according to the operation code, whether the trusted chip was triggered to encrypt the data, where the operation code corresponds to the operating characteristics.
Specifically, a trusted file operation monitoring component can be added to the operating system kernel layer of a host that has a TPCM or TPM trusted chip; the component intercepts the file operation behavior of all programs. The above host can be a mobile device such as a smart phone (including Android phones and iOS phones), a tablet computer, an iPad or a palmtop computer, or a computer device such as a PC or a notebook computer; the present application does not specifically limit this. The above data can be data in a sensitive file stored in the host that must not be arbitrarily modified or deleted by other users, or data in a sensitive file that the user does not want others to modify or delete arbitrarily; for example, for a commercial user the data can be data in files such as contract files and customer information files, and if the file is hijacked by ransomware so that the data cannot be read, or the data is tampered with so that it becomes erroneous, huge losses will be brought to the user. The above operation may include a write operation or a read operation, and specifically may include an encryption operation, an overwrite operation or a delete operation; the present application does not specifically limit this, and the specific type of operation can be defined according to actual processing needs. Each type of operation corresponds to an operation code in the operating system; after receiving the operation request, the operating system can determine, according to the operation code included in the operation request, which type of operation the user specifically needs to perform on the data. Different operations have different operating characteristics, and the operating characteristics can characterize which type of operation is specifically performed, whether the trusted chip was called to operate, and so on; according to the operation code in the operation request, the corresponding operating characteristics can be determined, and from them which type of operation needs to be performed.
It should be noted here that the above acquisition module 802 and determination module 804 correspond to step S72 to step S74 in Embodiment 4; the two modules implement the same examples and application scenarios as the corresponding steps, but are not limited to what is disclosed in Embodiment 4 above. It should be noted that the above modules may run, as part of the apparatus, in the computer terminal 10 provided in Embodiment 2.
The scheme provided by Embodiment 5 of the present application above can obtain in real time operation requests that operate on data; after an operation request is obtained, the operation code in the operation request can be extracted and, according to the operation code, it can be determined whether the trusted chip was triggered to encrypt the file, thereby achieving the purpose of identifying and preventing ransomware from operating on the data.
It is easy to note that, because only a legitimate user who encrypts the data through the trusted chip is allowed to execute an overwrite operation or a delete operation on the data, there is no need to back up the data, and compared with the prior art there is no need to sacrifice a large amount of storage space to store backup data; there is no need to maintain a large and complete editor whitelist, and only the small number of legitimate users who can operate on data in the host need to be managed; and new variants of ransomware can be handled. This achieves the technical effects of saving storage space, saving management cost, improving processing accuracy and improving the user experience.
Therefore, the scheme of Embodiment 5 provided by the present application above solves the technical problem of low processing accuracy and high cost of document handling methods in the prior art.
Embodiment 6
According to an embodiment of the present application, a document handling system is further provided, including:
a processor; and
a memory connected to the processor and configured to provide the processor with instructions for handling the following processing steps: monitoring operation requests that operate on a file; if an operation request is monitored, obtaining the operating characteristics of the operation; and analyzing the operating characteristics to determine whether the trusted chip was triggered to encrypt the file.
The scheme provided by Embodiment 6 of the present application above can monitor in real time operation requests that operate on a file; when an operation request is monitored, the operating characteristics of the operation can be obtained and analyzed to determine whether the trusted chip was triggered to encrypt the file, thereby achieving the purpose of identifying and preventing ransomware from operating on the file.
It is easy to note that, since only a legitimate user who encrypts the file through the trusted chip is allowed to perform an overwrite operation or a delete operation on the file, the file does not need to be backed up, so compared with the prior art no large amount of storage space has to be sacrificed for storing backup files; there is no need to maintain a large and complete editor whitelist, and only the small number of legitimate users permitted to operate on the file on the host need to be managed; and new variants of ransomware can be dealt with. This achieves the technical effects of saving storage space, saving management cost, improving processing accuracy and improving user experience.
As a result, the scheme of embodiment 6 provided by the present application solves the technical problem that file processing methods in the prior art have low processing accuracy and high cost.
Embodiment 7
Embodiments of the present application may also provide a computer terminal, which may be any computer terminal in a group of computer terminals. Optionally, in this embodiment, the above computer terminal may also be replaced with a terminal device such as a mobile terminal.
Optionally, in this embodiment, the above computer terminal may be located in at least one of a plurality of network devices of a computer network.
In this embodiment, the above computer terminal may execute program code for the following steps of the file processing method: monitoring operation requests that operate on a file; if an operation request is monitored, obtaining the operating characteristics of the operation; and analyzing the operating characteristics to determine whether the trusted chip is triggered to encrypt the file.
Optionally, Fig. 9 is a structural block diagram of a computer terminal according to an embodiment of the present application. As shown in Fig. 9, the computer terminal A may include one or more processors 902 (only one is shown in the figure) and a memory 904.
The memory may be used to store software programs and modules, such as the program instructions/modules corresponding to the file processing method and apparatus in the embodiments of the present application. By running the software programs and modules stored in the memory, the processor performs various functional applications and data processing, that is, implements the above file processing method. The memory may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory may further include memory located remotely from the processor, and such remote memory may be connected to the computer terminal A through a network. Examples of the above network include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.
The processor may call the information and application programs stored in the memory through a transmission device to perform the following steps: monitoring operation requests that operate on a file; if an operation request is monitored, obtaining the operating characteristics of the operation; and analyzing the operating characteristics to determine whether the trusted chip is triggered to encrypt the file.
Optionally, the above processor may also execute program code for the following steps: judging whether the trusted chip is triggered to perform an encryption operation on the file, the trusted chip being configured to encrypt or decrypt the file using an internally stored key; wherein, if the trusted chip is triggered to perform the encryption operation on the file, it is determined that the trusted chip is triggered to encrypt the file, and the step of allowing a legitimate user to perform a valid operation on the file is executed; and if the trusted chip is not triggered to perform the encryption operation on the file, it is determined that the trusted chip is not triggered to encrypt the file, and the step of forbidding the valid operation on the file is executed.
Optionally, the above processor may also execute program code for the following steps: before judging whether the trusted chip is triggered to encrypt the file, judging whether the operating characteristics of the operation are encryption behaviour; and if it is determined that the operating characteristics belong to encryption behaviour, judging whether the trusted chip is triggered to encrypt the file.
Optionally, the above processor may also execute program code for the following steps: obtaining the information entropy of a target file, wherein the target file is the file that would overwrite the file; judging whether the information entropy reaches an encryption threshold; if it is determined that the information entropy reaches the encryption threshold, determining that the operating characteristics belong to encryption behaviour; and if it is determined that the information entropy does not reach the encryption threshold, determining that the operating characteristics do not belong to encryption behaviour.
Optionally, the above processor may also execute program code for the following steps: obtaining target content, wherein the target content is the content that would overwrite the file; judging whether the target content meets an encryption feature; if it is determined that the target content meets the encryption feature, determining that the operating characteristics belong to encryption behaviour; and if it is determined that the target content does not meet the encryption feature, determining that the operating characteristics do not belong to encryption behaviour.
Optionally, the above processor may also execute program code for the following step: in the case where it is determined that the operating characteristics do not belong to encryption behaviour, executing the step of allowing a valid operation to be performed on the file.
Optionally, the above processor may also execute program code for the following steps: before judging whether the operating characteristics of the operation are encryption behaviour, judging whether the operation is a write operation; if it is determined that the operation is a write operation, judging whether the operating characteristics of the operation are encryption behaviour; and if it is determined that the operation is a read operation, executing the step of allowing the read operation to be performed on the file.
Optionally, the above processor may also execute program code for the following steps: before allowing the legitimate user to perform a valid operation on the file, obtaining a password entered by the legitimate user; judging whether the password is correct; if the password is correct, executing the step of allowing the legitimate user to perform the valid operation on the file; and if it is determined that the password is wrong, executing the step of forbidding the valid operation on the file.
Optionally, the above processor may also execute program code for the following steps: before obtaining the password entered by the legitimate user, obtaining a registration request of the legitimate user; generating a privileged password for the legitimate user; and receiving a file list sent by the legitimate user, wherein the operation requests are requests to operate on the files in the file list.
Optionally, the above processor may also execute program code for the following steps: before obtaining the registration request of the legitimate user, obtaining platform certificates from a platform certificate issuing center, wherein the platform certificates include a platform certificate of the legitimate user and a platform certificate of the file trusted operation monitoring component; and storing the platform certificates in the trusted chip.
With the embodiments of the present application, operation requests that operate on a file can be monitored in real time. When an operation request is monitored, the operating characteristics of the operation can be obtained and analyzed to further determine whether the trusted chip is triggered to encrypt the file; if it is determined that the trusted chip is triggered to encrypt the file, the legitimate user is allowed to perform a valid operation on the file, thereby achieving the purpose of identifying and preventing ransomware from operating on the file.
It is easy to note that, since only a legitimate user who encrypts the file through the trusted chip is allowed to perform an overwrite operation or a delete operation on the file, the file does not need to be backed up, so compared with the prior art no large amount of storage space has to be sacrificed for storing backup files; there is no need to maintain a large and complete editor whitelist, and only the small number of legitimate users permitted to operate on the file on the host need to be managed; and new variants of ransomware can be dealt with. This achieves the technical effects of saving storage space, saving management cost, improving processing accuracy and improving user experience.
As a result, the scheme provided by the present application solves the technical problem that file processing methods in the prior art have low processing accuracy and high cost.
Those skilled in the art will appreciate that the structure shown in Fig. 9 is illustrative only; the computer terminal may also be a smartphone (such as an Android phone or an iOS phone), a tablet computer, a palmtop computer, a mobile Internet device (MID), a PAD, or another terminal device. Fig. 9 does not limit the structure of the above electronic device. For example, the computer terminal A may also include more or fewer components (such as a network interface or a display device) than shown in Fig. 9, or have a configuration different from that shown in Fig. 9.
Those of ordinary skill in the art will appreciate that all or part of the steps in the various methods of the above embodiments may be completed by instructing hardware associated with the terminal device through a program. The program may be stored in a computer-readable storage medium, and the storage medium may include a flash disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or the like.
Embodiment 8
Embodiments of the present application further provide a storage medium. Optionally, in this embodiment, the above storage medium may be used to save the program code executed by the file processing method provided in embodiment 1 above.
Optionally, in this embodiment, the above storage medium may be located in any computer terminal of a group of computer terminals in a computer network, or in any mobile terminal of a group of mobile terminals.
Optionally, in this embodiment, the storage medium is configured to store program code for executing the following steps: monitoring operation requests that operate on a file; if an operation request is monitored, obtaining the operating characteristics of the operation; and analyzing the operating characteristics to determine whether the trusted chip is triggered to encrypt the file.
Optionally, the above storage medium is further configured to store program code for executing the following steps: judging whether the trusted chip is triggered to perform an encryption operation on the file, the trusted chip being configured to encrypt or decrypt the file using an internally stored key; wherein, if the trusted chip is triggered to perform the encryption operation on the file, it is determined that the trusted chip is triggered to encrypt the file, and the step of allowing a legitimate user to perform a valid operation on the file is executed; and if the trusted chip is not triggered to perform the encryption operation on the file, it is determined that the trusted chip is not triggered to encrypt the file, and the step of forbidding the valid operation on the file is executed.
Optionally, the above storage medium is further configured to store program code for executing the following steps: before judging whether the trusted chip is triggered to encrypt the file, judging whether the operating characteristics of the operation are encryption behaviour; and if it is determined that the operating characteristics belong to encryption behaviour, judging whether the trusted chip is triggered to encrypt the file.
Optionally, the above storage medium is further configured to store program code for executing the following steps: obtaining the information entropy of a target file, wherein the target file is the file that would overwrite the file; judging whether the information entropy reaches an encryption threshold; if it is determined that the information entropy reaches the encryption threshold, determining that the operating characteristics belong to encryption behaviour; and if it is determined that the information entropy does not reach the encryption threshold, determining that the operating characteristics do not belong to encryption behaviour.
Optionally, the above storage medium is further configured to store program code for executing the following steps: obtaining target content, wherein the target content is the content that would overwrite the file; judging whether the target content meets an encryption feature; if it is determined that the target content meets the encryption feature, determining that the operating characteristics belong to encryption behaviour; and if it is determined that the target content does not meet the encryption feature, determining that the operating characteristics do not belong to encryption behaviour.
Optionally, the above storage medium is further configured to store program code for executing the following step: in the case where it is determined that the operating characteristics do not belong to encryption behaviour, executing the step of allowing a valid operation to be performed on the file.
Optionally, the above storage medium is further configured to store program code for executing the following steps: before judging whether the operating characteristics of the operation are encryption behaviour, judging whether the operation is a write operation; if it is determined that the operation is a write operation, judging whether the operating characteristics of the operation are encryption behaviour; and if it is determined that the operation is a read operation, executing the step of allowing the read operation to be performed on the file.
Optionally, the above storage medium is further configured to store program code for executing the following steps: before allowing the legitimate user to perform a valid operation on the file, obtaining a password entered by the legitimate user; judging whether the password is correct; if the password is correct, executing the step of allowing the legitimate user to perform the valid operation on the file; and if it is determined that the password is wrong, executing the step of forbidding the valid operation on the file.
Optionally, the above storage medium is further configured to store program code for executing the following steps: before obtaining the password entered by the legitimate user, obtaining a registration request of the legitimate user; generating a privileged password for the legitimate user; and receiving a file list sent by the legitimate user, wherein the operation requests are requests to operate on the files in the file list.
Optionally, the above storage medium is further configured to store program code for executing the following steps: before obtaining the registration request of the legitimate user, obtaining platform certificates from a platform certificate issuing center, wherein the platform certificates include a platform certificate of the legitimate user and a platform certificate of the file trusted operation monitoring component; and storing the platform certificates in the trusted chip.
The serial numbers of the above embodiments of the present application are for description only and do not represent the advantages or disadvantages of the embodiments.
In the above embodiments of the present application, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, reference may be made to the related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed technical content may be implemented in other ways. The apparatus embodiments described above are merely illustrative; for example, the division of the units is only a division by logical function, and there may be other divisions in actual implementation, for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Further, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, units or modules, and may be electrical or take other forms.
The units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the scheme of this embodiment.
In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit. The above integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The software product is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods of the embodiments of the present application. The aforementioned storage medium includes various media that can store program code, such as a USB flash disk, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk or an optical disk.
The above are only preferred embodiments of the present application. It should be noted that those of ordinary skill in the art may make several improvements and modifications without departing from the principles of the present application, and these improvements and modifications should also be regarded as falling within the protection scope of the present application.
Claims (15)
1. A file processing method, characterized by comprising:
monitoring operation requests that operate on a file;
if an operation request is monitored, obtaining the operating characteristics of the operation; and
analyzing the operating characteristics to determine whether a trusted chip is triggered to encrypt the file.
2. The method according to claim 1, characterized in that analyzing the operating characteristics to determine whether the trusted chip is triggered to encrypt the file comprises:
judging whether the trusted chip is triggered to perform an encryption operation on the file, the trusted chip being configured to encrypt or decrypt the file using an internally stored key;
wherein, if the trusted chip is triggered to perform the encryption operation on the file, determining that the trusted chip is triggered to encrypt the file, and executing the step of allowing a legitimate user to perform a valid operation on the file; and
if the trusted chip is not triggered to perform the encryption operation on the file, determining that the trusted chip is not triggered to encrypt the file, and executing the step of forbidding the valid operation on the file.
3. The method according to claim 2, characterized in that, before judging whether the trusted chip is triggered to encrypt the file, the method further comprises:
judging whether the operating characteristics of the operation are encryption behaviour; and
if it is determined that the operating characteristics belong to the encryption behaviour, judging whether the trusted chip is triggered to encrypt the file.
4. The method according to claim 3, characterized in that judging whether the operating characteristics of the operation are encryption behaviour comprises:
obtaining the information entropy of a target file, wherein the target file is the file that would overwrite the file;
judging whether the information entropy reaches an encryption threshold;
if it is determined that the information entropy reaches the encryption threshold, determining that the operating characteristics belong to encryption behaviour; and
if it is determined that the information entropy does not reach the encryption threshold, determining that the operating characteristics do not belong to encryption behaviour.
5. The method according to claim 3, characterized in that judging whether the operating characteristics of the operation are encryption behaviour comprises:
obtaining target content, wherein the target content is the content that would overwrite the file;
judging whether the target content meets an encryption feature;
if it is determined that the target content meets the encryption feature, determining that the operating characteristics belong to encryption behaviour; and
if it is determined that the target content does not meet the encryption feature, determining that the operating characteristics do not belong to encryption behaviour.
6. The method according to claim 3, characterized in that, in the case where it is determined that the operating characteristics do not belong to the encryption behaviour, the step of allowing a valid operation to be performed on the file is executed.
7. The method according to claim 3, characterized in that, before judging whether the operating characteristics of the operation are encryption behaviour, the method further comprises:
judging whether the operation is a write operation;
if it is determined that the operation is a write operation, judging whether the operating characteristics of the operation are encryption behaviour; and
if it is determined that the operation is a read operation, executing the step of allowing the read operation to be performed on the file.
8. The method according to claim 2, characterized in that, before allowing the legitimate user to perform the valid operation on the file, the method further comprises:
obtaining a password entered by the legitimate user;
judging whether the password is correct;
if it is determined that the password is correct, executing the step of allowing the legitimate user to perform the valid operation on the file; and
if it is determined that the password is wrong, executing the step of forbidding the valid operation on the file.
9. The method according to claim 8, characterized in that, before obtaining the password entered by the legitimate user, the method further comprises:
obtaining a registration request of the legitimate user;
generating a privileged password for the legitimate user; and
receiving a file list sent by the legitimate user, wherein the operation requests are requests to operate on the files in the file list.
10. The method according to claim 9, characterized in that, before obtaining the registration request of the legitimate user, the method further comprises:
obtaining platform certificates from a platform certificate issuing center, wherein the platform certificates include a platform certificate of the legitimate user and a platform certificate of a file trusted operation monitoring component; and
storing the platform certificates in the trusted chip.
11. A file processing system, characterized by comprising:
a file trusted operation monitoring component, configured to monitor operation requests that operate on a file and, if an operation request is monitored, to obtain the operating characteristics of the operation; and
a trusted chip, configured to encrypt the file;
wherein the file trusted operation monitoring component is in communication with the trusted chip and is further configured to analyze the operating characteristics to determine whether the trusted chip is triggered to encrypt the file.
12. A storage medium, characterized in that the storage medium comprises a stored program, wherein, when the program runs, it controls a device on which the storage medium is located to execute the following steps: monitoring operation requests that operate on a file; if an operation request is monitored, obtaining the operating characteristics of the operation; and analyzing the operating characteristics to determine whether a trusted chip is triggered to encrypt the file.
13. A processor, characterized in that the processor is configured to run a program, wherein, when the program runs, the following steps are executed: monitoring operation requests that operate on a file; if an operation request is monitored, obtaining the operating characteristics of the operation; and analyzing the operating characteristics to determine whether a trusted chip is triggered to encrypt the file.
14. A file processing system, characterized by comprising:
a processor; and
a memory connected to the processor and configured to provide the processor with instructions for handling the following processing steps: monitoring operation requests that operate on a file; if an operation request is monitored, obtaining the operating characteristics of the operation; and analyzing the operating characteristics to determine whether a trusted chip is triggered to encrypt the file.
15. A data processing method, characterized by comprising:
obtaining an operation request that operates on data, wherein the operation request includes an operation code; and
determining, according to the operation code, whether a trusted chip is triggered to encrypt the data, wherein the operation code corresponds to operating characteristics.
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810399221.9A CN110414258B (en) | 2018-04-28 | 2018-04-28 | File processing method and system and data processing method |
TW108107620A TW201945969A (en) | 2018-04-28 | 2019-03-07 | File processing method and system, and data processing method |
PCT/US2019/028185 WO2019209630A1 (en) | 2018-04-28 | 2019-04-18 | File processing method and system, and data processing method |
US16/388,734 US20190332765A1 (en) | 2018-04-28 | 2019-04-18 | File processing method and system, and data processing method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810399221.9A CN110414258B (en) | 2018-04-28 | 2018-04-28 | File processing method and system and data processing method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110414258A true CN110414258A (en) | 2019-11-05 |
CN110414258B CN110414258B (en) | 2023-05-30 |
Family
ID=68292551
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810399221.9A Active CN110414258B (en) | 2018-04-28 | 2018-04-28 | File processing method and system and data processing method |
Country Status (4)
Country | Link |
---|---|
US (1) | US20190332765A1 (en) |
CN (1) | CN110414258B (en) |
TW (1) | TW201945969A (en) |
WO (1) | WO2019209630A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117313134A (en) * | 2023-11-29 | 2023-12-29 | 联通(广东)产业互联网有限公司 | File encryption method and device, electronic equipment and storage medium |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20220318411A1 (en) * | 2021-03-30 | 2022-10-06 | EMC IP Holding Company LLC | Adaptive metadata encryption for a data protection software |
US11757934B1 (en) | 2021-06-24 | 2023-09-12 | Airgap Networks Inc. | Extended browser monitoring inbound connection requests for agentless lateral movement protection from ransomware for endpoints deployed under a default gateway with point to point links |
US11695799B1 (en) * | 2021-06-24 | 2023-07-04 | Airgap Networks Inc. | System and method for secure user access and agentless lateral movement protection from ransomware for endpoints deployed under a default gateway with point to point links |
US11736520B1 (en) | 2021-06-24 | 2023-08-22 | Airgap Networks Inc. | Rapid incidence agentless lateral movement protection from ransomware for endpoints deployed under a default gateway with point to point links |
US11757933B1 (en) | 2021-06-24 | 2023-09-12 | Airgap Networks Inc. | System and method for agentless lateral movement protection from ransomware for endpoints deployed under a default gateway with point to point links |
US11722519B1 (en) | 2021-06-24 | 2023-08-08 | Airgap Networks Inc. | System and method for dynamically avoiding double encryption of already encrypted traffic over point-to-point virtual private networks for lateral movement protection from ransomware |
US11916957B1 (en) | 2021-06-24 | 2024-02-27 | Airgap Networks Inc. | System and method for utilizing DHCP relay to police DHCP address assignment in ransomware protected network |
US11711396B1 (en) | 2021-06-24 | 2023-07-25 | Airgap Networks Inc. | Extended enterprise browser blocking spread of ransomware from alternate browsers in a system providing agentless lateral movement protection from ransomware for endpoints deployed under a default gateway with point to point links |
TWI769038B (en) * | 2021-08-04 | 2022-06-21 | 林長毅 | Method for preventing data kidnapping and related computer program |
TWI789944B (en) * | 2021-10-08 | 2023-01-11 | 精品科技股份有限公司 | Method of application control based on different scanning schemes |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106484570A (en) * | 2016-10-28 | 2017-03-08 | 福建平实科技有限公司 | A kind of backpu protecting method and system extorting software document data for defence |
CN106845222A (en) * | 2016-12-02 | 2017-06-13 | 哈尔滨安天科技股份有限公司 | A kind of detection method and system of blackmailer's virus |
US20170339178A1 (en) * | 2013-12-06 | 2017-11-23 | Lookout, Inc. | Response generation after distributed monitoring and evaluation of multiple devices |
US20180007069A1 (en) * | 2016-07-01 | 2018-01-04 | Mcafee, Inc. | Ransomware Protection For Cloud File Storage |
CN107871089A (en) * | 2017-12-04 | 2018-04-03 | 杭州安恒信息技术有限公司 | File means of defence and device |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9208335B2 (en) * | 2013-09-17 | 2015-12-08 | Auburn University | Space-time separated and jointly evolving relationship-based network access and data protection system |
- 2018
  - 2018-04-28 CN CN201810399221.9A patent/CN110414258B/en active Active
- 2019
  - 2019-03-07 TW TW108107620A patent/TW201945969A/en unknown
  - 2019-04-18 US US16/388,734 patent/US20190332765A1/en not_active Abandoned
  - 2019-04-18 WO PCT/US2019/028185 patent/WO2019209630A1/en active Application Filing
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117313134A (en) * | 2023-11-29 | 2023-12-29 | 联通(广东)产业互联网有限公司 | File encryption method and device, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
WO2019209630A1 (en) | 2019-10-31 |
US20190332765A1 (en) | 2019-10-31 |
TW201945969A (en) | 2019-12-01 |
CN110414258B (en) | 2023-05-30 |
Similar Documents
Publication | Title |
---|---|
CN110414258A (en) | Document handling method and system, data processing method |
US10606988B2 (en) | Security device, methods, and systems for continuous authentication |
US11494754B2 (en) | Methods for locating an antenna within an electronic device |
CN106341381B (en) | Method and system for managing security keys of a rack server system |
US9531710B2 (en) | Behavioral authentication system using a biometric fingerprint sensor and user behavior for authentication |
US9047464B2 (en) | Continuous monitoring of computer user and computer activities |
US9092605B2 (en) | Ongoing authentication and access control with network access device |
CN105874464B (en) | System and method for introducing variation into sub-system output signals to prevent device fingerprinting |
US11240224B2 (en) | Systems, methods and apparatuses for identity access management and web services access |
US20150347773A1 (en) | Method and system for implementing data security policies using database classification |
EP3005210B1 (en) | Secure automatic authorized access to any application through a third party |
CN109446259B (en) | Data processing method and device, processor and storage medium |
CN105554908A (en) | Method, master device, slave device and system for automatic Bluetooth connection by scanning a code |
EP4242891A2 (en) | Systems and methods for securing login access |
CN106030527B (en) | System and method for notifying users of applications available for download |
CN107196971A (en) | Information processing method, device, electronic equipment and server |
CN114598671B (en) | Session message processing method, device, storage medium and electronic equipment |
US11379568B2 (en) | Method and system for preventing unauthorized computer processing |
CN109284608A (en) | Ransomware identification method, device and apparatus, and security processing method |
CN104980279A (en) | Identity authentication method, and related equipment and system |
CN115080946A (en) | Password input method and input device |
CN117371987A (en) | Operation and maintenance audit management method and electronic equipment |
CN112989406A (en) | Information processing method, device, equipment and storage medium |
CN115509930A (en) | Method and related device for checking data anomalies caused by organizational structure changes |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
REG | Reference to a national code | Ref country code: HK; Ref legal event code: DE; Ref document number: 40016270; Country of ref document: HK |
GR01 | Patent grant | |